FBI may have disrupted major cyber attack on Ukraine


Senior Member
Nov 19, 2017
By: PTI | London | Published: May 24, 2018 10:29:15 am

Ukraine has been locked in a years-long struggle with Russia-backed separatists in the country's east and has repeatedly been hit by cyber attacks of escalating severity

The FBI has put a spoke in the wheel of a major Russian digital disruption operation potentially aimed at causing havoc in Ukraine, evidence pieced together from researchers, Ukrainian officials and US court documents indicates.

Yesterday, network technology company Cisco Systems and antivirus company Symantec warned that a half-million internet-connected routers had been compromised in a possible effort to lay the groundwork for a cyber-sabotage operation against targets in Ukraine.

Court documents simultaneously unsealed in Pittsburgh the same day show the FBI has seized a key website communicating with the massive army of hijacked devices, disrupting what could have been — and might still be — an ambitious cyber attack by the Russian government-aligned hacking group widely known as Fancy Bear.

“I hope it catches the actors off guard and leads to the downfall of their network,” said Craig Williams, the director of outreach for Talos, the digital threat intelligence unit of Cisco that cooperated with the bureau. But he warned that the hackers could still regain control of the infected routers if they possessed their addresses and the right resources to re-establish command and control.

FBI Assistant Director Scott Smith said the agency “has taken a critical step in minimizing the impact of the malware attack. While this is an important first step, the FBI’s work is not done.” Much about the hackers’ motives remains open to conjecture.

Cisco said the malicious software, which it and Symantec both dubbed VPNFilter after a folder it creates, was sitting on more than 500,000 routers in 54 countries but mostly in Ukraine, and had the capacity to render them unusable — a massively disruptive move if carried out at such a scale.

“It could be a significant threat to users around the world,” said Williams.

The US Justice Department said the malware “could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.” Ukraine’s cyberpolice said in a statement that it was possible the hackers planned to strike during “large-scale events,” an apparent reference either to the upcoming Champions League game between Real Madrid and Liverpool in the capital, Kiev, on Saturday or to Ukraine’s upcoming Constitution Day celebrations.

Ukraine has been locked in a years-long struggle with Russia-backed separatists in the country’s east and has repeatedly been hit by cyber attacks of escalating severity. Last year witnessed the eruption of the NotPetya worm, which crippled critical systems, including hospitals , across the country and dealt hundreds of millions of dollars in collateral damage around the globe. Ukraine, the United States and Britain have blamed the attack on Moscow — a charge the Kremlin has denied.

Cisco and Symantec both steered clear of attributing the VPN Filter malware to any particular actor, but an FBI affidavit explicitly attributed it to Fancy Bear, the same group that hacked into the Democratic National Committee in 2016 and has been linked to a long series of digital intrusions stretching back more than a decade. The US intelligence community assesses that Fancy Bear acts on behalf of Russia’s military intelligence service.


Latest Replies

Global Defence

New threads